European Commission proposal for a Directive on statutory audit: frequently asked questions

(see also IP/04/340)

Why has the Commission proposed this Directive?

This proposed Directive is necessary because we need to ensure that investors and other interested parties can rely fully on the accuracy of audited accounts and to enhance the EU's protection against the type of scandals that recently occurred in companies such as Parmalat and Ahold. Most of the measures in the proposal, however, were already in preparation well before those scandals broke. Faith in financial reporting and financial markets must be restored to protect investment, jobs and growth. This proposal fulfils many of the priority commitments the Commission announced in its May 2003 Communication "Reinforcing statutory audit in the EU" (see IP/03/715). The Commission also announced on the same day a wider Action Plan on modernising company law and enhancing corporate governance in the EU (see IP/03/716 and MEMO/03/112) and the proposed Directive is linked with other corporate governance initiatives covered in that Action Plan.

What, very briefly, does the proposal aim to do?

It clarifies the duties of statutory auditors, their independence and ethics, by introducing a requirement for external quality assurance and by ensuring robust public oversight over the audit profession. This considerably broadens the scope of the former Eighth Council Directive on Company Law, which only dealt with the approval of statutory auditors.

The proposal also provides a basis for effective and balanced international co-operation between regulators in the EU and with regulators in third countries, such as the US Public Company Accounting Oversight Board (PCAOB). The latter is particularly important because of the global nature of modern capital markets, demonstrated again by the international nature of the recent scandals, which affected several jurisdictions.

When does the Commission expect it to become law?

That depends on the European Parliament and the Council, but both have indicated repeatedly that they regard these issues as a priority. We hope that both institutions will consider the proposal in detail in the second half of 2004 with the aim of "fast-track" adoption by mid-2005. There would then be a period of 18 months for Member States to implement it in national law. But many Member States are already taking legislative and regulatory action on the lines of the changes proposed by the Commission.

How does this proposed Directive respond to recent scandals in the European Union such as Parmalat and Ahold ?

The proposed Directive is the key measure for the EU to rebuild trust in the audit function. Although largely prepared well in advance of the Parmalat scandal, the proposal has been adjusted to take into account the specific implications of that case. For example, it specifically addresses group audits and would strengthen public oversight. Based upon the experience in the Ahold case, the proposal also clarifies the role of the audit committee in relation to the internal control of the company.

The Parmalat case has shown that it is unacceptable that group auditors should only be concerned with parts of the group's business when they are in fact responsible for the audit report concerning the group as a whole. The proposal therefore clearly states that the group auditor bears the full responsibility for the audit report on the consolidated accounts.

The proposed common requirements for public oversight at Member State level would strengthen Member States' oversight systems and make them more robust. Independence of the public oversight systems from the profession is important to restore public trust in statutory audits. In response to issues raised in the Parmalat case, the proposed Directive would require that only non-audit practitioners can participate in the governance of the system of public oversight of auditors of "public interest entities" in other words listed companies, banks and insurance companies.

Following the Ahold case, the proposal now specifically states that in the case of public interest entities, the audit committee must monitor the effectiveness of the company's internal control, internal audit (where applicable) and risk management systems.

What measures are being proposed to apply to all statutory auditors and audit firms?

The following measures concern all statutory auditors and audit firms:

update of the educational curriculum for auditors, which must now also include knowledge of international accounting standards (IAS) and international auditing standards (ISA)

liberalisation of the ownership and the management of audit firms by opening up the ownership and the management to statutory auditors of all Member States

introduction of an electronic registration system for auditors and audit firms in all Member States, with a catalogue of registration information that has to be permanently updated

definition of basic principles of professional ethics

legal underpinning of principles of auditor independence including the duty of the statutory auditor or audit firm to document factors which may affect auditors' independence (such as performing other work for the companies they audit) and safeguards against these sorts of risks

obligation for Member States to set rules for audit fees that ensure audit quality and prevent "low-balling" - in other words preventing audit firms from offering the audit service for a marginal fee and compensating this with the fee income from other non-audit services

requirement to use international auditing standards for all EU statutory audits once those standards have been endorsed under an EU procedure; Member States can only impose additional requirements in certain defined circumstances

possibility for the adoption of a common audit report for financial statements that have been prepared on the basis of International Accounting Standards (IAS). This would ensure that all audit reports for financial statements prepared on the basis of IAS are identical throughout the EU

introduction of a requirement for Member States to organise an audit quality assurance system that has to comply with clearly defined principles, such as the independence of reviewers and secure funding

obligation for Member States to introduce effective investigative and disciplinary systems

adoption of common rules concerning the appointment and the resignation of statutory auditors and audit firms (for example, statutory auditors to be dismissed only if there is a significant reason why they cannot finalise the audit) and introduction of a requirement for companies to document their communication with the statutory auditor or audit firm

disclosure by companies, in the notes to their financial statements, of the audit fee and other fees for non-audit services delivered by the auditor.

What are the specific measures applying to statutory auditors and audit firms of public interest companies?

Provisions in the proposal applying specifically to auditors of public interest companies defined broadly as listed companies, banks or insurance companies are as follows:

introduction of an annual transparency report for audit firms that includes information on the governance of the audit firm, its international network, its quality assurance systems and the fees collected for audit and non-audit services (to demonstrate the relative importance of audit in the firm's overall business)

auditor "rotation" - Member States to have the option of requiring either a change of key audit partner dealing with an audited company every five years, if the same audit firm keeps the work, or a change of audit firm every seven years

shortening of the period when an audit quality review must be carried out from five to three years

appointment of the statutory auditor or audit firm on the basis of a selection by the audit committee which must be set up in all public interest companies

obligation for the statutory auditor or audit firm to report to the audit committee on key matters arising from the statutory audit, particularly on material weaknesses of the internal control system

disclosure to and discussion with the audit committee of any threats to the auditor's independence and confirmation in writing to the audit committee of his independence.

What would the proposed Directive do to reinforce public oversight over the audit profession and regulatory cooperation within the EU and with third countries?

The following elements would strengthen oversight and cooperation across borders:

common criteria for public oversight systems at Member State level: in particular, non-practitioners would have to predominate

creation of a cooperative model between regulatory authorities of Member States on the basis of "home country control" in other words, audit firms would be principally regulated by authorities in the Member State where they are established

mutual recognition by Member States of each other's regulatory requirements in the case of audits covering more than one jurisdiction, such as a statutory audit of consolidated accounts or of a company whose securities are traded on a regulated market in another Member State than where the company has its registered office

establishment of procedures for the exchange of information between oversight bodies of Member States in investigations

rules on approval of third country auditors on the condition that the country concerned offers reciprocity for EU auditors

extension to third countries of the EU model for cooperation between Member States, on the basis of reciprocity

obligation for the Commission to assess the equivalence of third country regulatory systems at EU level before Member States can agree bilateral working arrangements

as part of the cooperative model, possibility for Member States to grant, under exceptional circumstances, direct access to audit working papers and other documents to authorities of third countries, subject to a number of important safeguards

introduction of public oversight by Member State authorities on third country auditors if the latter's oversight system is not considered equivalent.

Will not all of this just mean more bureaucracy for auditors and raise the cost of audits a cost which will be passed on to shareholders and customers?

Much of what is proposed is simply good practice already followed by good auditors well governed companies and world-class regulators within and beyond the EU. We need to spread that good practice. Good audits cannot be done on the cheap. What is more, the cost of audits not being done ethically and efficiently - for investors, employees, businesses who deal with scandal-hit companies and for society at large is one we cannot afford to pay. There could be no more graphic illustration of that than the Enron and Parmalat affairs.

How have the ten priorities the Commission announced for statutory audit in May 2003 (IP/03/715) changed since then, as a result of Parmalat? How many of those priorities remain to be dealt with?

In fact, Parmalat clearly underlined the validity of the Commission's priorities listed in the May 2003 Communication on statutory audit (see IP/03/715). The only real change is the introduction of a requirement for listed companies, banks and insurance companies to set up an audit committee. It was originally envisaged to introduce audit committees through a non-binding Commission Recommendation. Parmalat particularly showed the need for public interest entities to have a body which monitors the financial reporting and audit process. Two mid-term priorities still remain to be implemented, i.e. a study on the impact of a more restrictive approach on additional services provided to the audited entity and a study on the economic impact of auditor liability regimes.

Does this proposal mean the Commission has decided that the Recommendation on statutory audit published in 2002 (IP/02/723) would not have the full effect desired?

Member States are presently implementing the Recommendation on Statutory Auditors' Independence. It is therefore too early to say whether this Recommendation has had the full effect desired. The proposal includes the basic principle of the Recommendation, i.e. that an auditor or an audit firm cannot carry out a statutory audit if there is a financial, business, employment or other relationship, including the provision of additional services, with the audited entity that might compromise the statutory auditor's or audit firm's independence. This principle must be applied taking account of the guidance included in the Recommendation. The Commission intends to review the Recommendation by May 2005, in the light of the experience acquired with its application and of the results of the study that the Commission will carry out on the combination of audit and non-audit services and a possible more restrictive approach on that issue.

Does the proposed Directive require mandatory rotation of audit firms?

In order to reinforce the independence of auditors of public interest entities, the proposed Directive requires mandatory rotation of auditors. Member States would have the option of requiring either a change of key audit partner dealing with an audited company every five years, if the same audit firm keeps the work ("internal rotation"), or a change of audit firm every seven years ("external rotation"). The Commission believes that mandatory rotation will contribute to avoiding conflicts of interest.

Does the proposed Directive prohibit a statutory auditor or audit firm from delivering additional services to the audited entity?

No, but it enhances safeguards against such situations leading to damaging conflicts of interest. The proposed Directive takes over the basic principles laid down in the Commission's Recommendation (2002/590/EC) of 16 May 2002 on 'Statutory Auditors' Independence in the EU: A set of fundamental principles' (see IP/02/723). It states that statutory auditors or audit firms cannot provide any additional service that would compromise their independence and that they cannot in any way be involved in management decisions.

The proposed Directive follows the principle based approach of the Recommendation and does not include a list of non-audit services which statutory auditors or audit firms cannot perform. Given the changing nature of markets, a specific list would lead to a risk of new types of services arising that could be problematic but which could not quickly be added to the banned list. A principles-based approach avoids that danger. However, the examples quoted in the Recommendation continue to apply. This means that auditors should not provide those non-audit services (such as bookkeeping or valuation services) which the Recommendation has indicated are of a nature that they would almost always compromise the auditor's independence.

The statutory auditor or audit firm has to document any risks which might be perceived as compromising its independence and the safeguards it puts in place to mitigate these risks. Furthermore, the audited entity has to disclose, in the notes to its financial statements, the audit fee and the fee for non-audit services paid to its statutory auditor or audit firm.

For the statutory audit of public interest entities, the audit committee will have to review and monitor the independence of the statutory auditor or audit firm and in particular the provision of additional services to the audited entity.

Why does the proposed Directive require the use of international auditing standards?

As stated in the 2003 Communication on 'Reinforcing statutory audit in the EU', the Commission proposes that all statutory audits prescribed by Community law should be carried out in accordance with International Standards on Auditing (ISA).

As in the field of accounting, the Commission considers it important that global standards are applied throughout the EU. This measure will help to secure the recognition of EU audited financial statements also in third country jurisdictions. It is also a logical measure in the context of the introduction of IAS in the EU by 2005. It would be inconsistent to have IAS financial statements audited according to differing national auditing standards.

In order to be able to endorse international standards on auditing, the Commission must examine whether the standards are accepted internationally and whether they have been developed with proper due process, public oversight and transparency. Furthermore, the standards must be of high quality and contribute to the annual accounts and the consolidated accounts showing a true and fair view. Finally, the standards must be conducive to the European public good.

How does the proposed Directive deal with remaining additional audit requirements set by Member States that are not dealt with by ISA?

It is important that the same set of auditing standards is applied throughout the EU. It should therefore in principle not be possible for Member States to introduce additional audit procedures. The proposed Directive therefore states that Member States may only impose additional audit procedures if these follow from specific requirements relating to the scope of the statutory audit. This means that Member States cannot develop alternative audit techniques. The basic auditing standards applied throughout the EU must be the same. However, as the scope of the audit may presently differ (it sometimes includes today elements which are felt to be particularly relevant in certain Member States, such as the audit of social, corporate governance or environmental matters) additional procedures may be introduced in order to ensure that those specific national requirements are complied with.

Will there be a common standard audit report for all EU statutory audits?

Based on the proposed Directive, the Commission may adopt a common standard audit report for annual or consolidated accounts which have been prepared in accordance with adopted IAS. For the audit of financial statements in general, the audit report will at least have to comply with Article 51a of the Fourth Council Directive (78/660/EEC) of 25 July 1978 on annual accounts and Article 36 of the Seventh Council Directive (83/349/EEC) of 13 June 1983 on consolidated accounts, which are largely based upon the relevant international auditing standard (ISA 700).

Why are some measures specifically directed at auditors of public interest entities and exactly what are those measures?

The Commission believes more stringent requirements should govern the statutory audit of public interest entities broadly listed companies, banks and insurance companies because the potential negative consequences for shareholders, customers and others of sub-standard audits of such entities are usually greater than for other types of company. This means that the costs of the extra rules concerned are far outweighed by the benefits of avoiding audit problems in those entities.

The proposed Directive requires all audit firms that carry out statutory audit(s) of public interest entities to publish a detailed report that gives an insight into the organisation of the firm and the network to which it belongs. The audit firm must provide inter alia a statement on the governance structure of the firm, a description of the internal quality control system and a statement on the effectiveness of that system by the administrative or management body. The report must include the date of the last quality assurance review, the policy followed on continuous education and a break-down of fees in order to show the importance of the firm both in terms of audit services and non-audit services.

All public interest entities must set up an audit committee. In order to enhance the quality of financial reporting, there must be a close relationship between the statutory auditor and the audit committee. The statutory auditor or audit firm must report to the audit committee on key matters arising from the statutory audit and in particular on material weaknesses in internal control in relation with the financial reporting process.

The proposed Directive also gives the audit committee a central role in reviewing and monitoring the independence of the auditor. The audit committee must assist in the nomination process for the statutory auditor or audit firm by selecting the statutory auditor or audit firm and proposing its appointment to the general meeting of shareholders of the audited entity.

Finally, the proposed Directive shortens audit quality review cycles from five to every three yearsand sets stricter requirements for public oversight by excluding any practitioner from the governance of public oversight systems.

Are there new obligations in the proposed Directive that would have to be fulfilled by the audited entities themselves?

Yes. The proposed Directive addresses corporate governance aspects of audited entities that are closely interlinked with statutory audit. This relates particularly to matters concerning the appointment, the dismissal and resignation of the auditor as well as communication with the auditor. For public interest entities, the establishment of audit committees will be mandatory (see above).

The procedures for appointment of the statutory auditor or audit firm shall ensure that the statutory auditor or audit firm is independent from those who prepare the financial statements of the audited entity. Some Member States require the involvement of supervisory authorities, courts or other organisations designated by law (e.g. for cooperatives) in the appointment of the statutory auditor or audit firm. The proposed Directive does not prejudice this.

With regard to the dismissal and resignation of auditors, the proposed Directive introduces the principle that the statutory auditor or audit firm shall only be dismissed if there is a significant reason why the statutory auditor cannot finalise the audit. The reasons for dismissal and resignation must be communicated to the responsible oversight authorities.

Effective communication between the statutory auditor/audit firm and the audited entity is of significant importance for high quality audits. It should lead to the audited entity drawing the necessary conclusions. Due to different corporate governance structures in different countries and different companies, it would remain under the Directive the responsibility of Member States to establish effective rules in this regard. As a minimum, the communication between the auditor and the audited entity would have to be recorded by the audited entity in order to allow independent directors of the entity to get an overview of the relationship with the statutory auditor/audit firm.

Furthermore, the proposed Directive introduces changes to the Fourth (78/660/EEC) and Seventh (83/349/EEC) Company Law Directives by requiring audited entities to disclose the fees paid to the statutory auditor or audit firm broken down by fees for audit services, other assurance services, tax services and other non-audit services.

Why would the proposed Directive require all public interest entities to establish an audit committee? What would be the rules on the membership and work of that committee?

The requirement to set up an audit committee will strengthen the independent monitoring of the financial reporting process and of the statutory audit and help to prevent any possible undue influence by the executive management. The audit committee must be composed of non-executive members of the administrative body or members of the supervisory body of the audited entity, in other words usually non-executive directors. In order for the committee to fulfil its tasks effectively, at least one of the independent members must be competent in accounting and/or auditing.

The tasks of the audit committee include:

supervision of the financial reporting process

monitoring of the effectiveness of the internal control system, the internal audit and the risk management system

supervision of the statutory audit including the independence of the statutory auditor or audit firm

proposal of the statutory auditor or audit firm for appointment.

The responsibility for the internal control system, the internal audit and the risk management system remain with the audited entity's management.

Why does the proposed Directive remove nationality restrictions on ownership and management of audit firms?

The proposed Directive would no longer allow a Member State to require that the majority of the voting rights and the majority of the members of the administrative or management body should be in the hands of statutory auditors or audit firms that are approved in that specific Member State. The proposal removes these restrictions on ownership and management by stating very clearly that the majority of the voting rights of an audit firm should be held by statutory auditors or audit firms approved in any Member State and that the majority of the members of the administrative or management body of an audit firm must be statutory auditors or firms approved in any Member State. This change enhances compatibility with internal market rules and will also allow for the creation of more fully integrated EU audit firms. That in turn will contribute to the opening up of the audit market. Allowing auditors to set up an audit firm in another Member State than their own and to manage such a firm might bring about more competition. The statutory auditor who carries out a statutory audit on behalf of a firm must, however, be locally approved.

Would the proposed Directive allow a statutory auditor to carry out a statutory audit in another Member State?

An aptitude test is prescribed for the approval of statutory auditors from other Member States This departure from the recent proposal for a Directive on Services in the Internal Market which in general would allow service providers authorised in one Member State to operate in all the others on a temporary basis - is justified because of the need for the statutory auditors to be fully aware of the specific legislation of the Member State (such as company law, fiscal law and social security law) in which they carry out the statutory audit.

How does the proposed Directive strengthen public oversight over the audit profession?

Effective public oversight over the audit profession is a vital element in the maintenance and enhancement of confidence in the audit function. The current lack of confidence is partly based on a public perception that a self-regulating profession runs a serious risk of conflicts of interests in dealing with its shortcomings. Therefore, credible public oversight over the audit profession is crucial.

The proposed Directive requires Member States to organise an effective system of public oversight for all statutory auditors and audit firms. This system must be independent of the profession and must have the ultimate responsibility for the oversight of the way in which the regulatory process works in practice. This means that the system must oversee the process of approval of statutory auditors and audit firms, the process of adoption of standards on ethics, internal quality control and auditing and the implementation of continuous education, quality assurance and investigative and disciplinary systems. In order to be credible, the system of public oversight must be governed by non-practitioners who are knowledgeable in the areas relevant to statutory audit (such as recently retired professionals, former members of audit committees, public sector accountants). For the audit of non-public interest entities, Member States may allow a minority of practitioners to be involved in the governance of the public oversight system). The system of public oversight must be transparent and must be adequately funded.

Would the proposed Directive establish an EU regulator?

No, but it would establish the basis for bringing together the national systems into a cohesive, efficient pan-European network. This should serve to encourage convergence of principles and practice. The proposed Directive establishes the principle that Member States shall recognise each other's oversight and regulatory systems. For the audit of consolidated accounts and for the purpose of listings in another Member State, no further requirements beyond those in the home country may be imposed. Furthermore, the proposed Directive sets out the rules for effective cooperation between Member States in investigations of audit firms.

How does the Directive propose to organise a cooperative approach with third country oversight bodies?

The recent scandals relating to globally operating companies have made apparent the need for internationally consistent regulation on oversight over auditors. The Commission believes that the best way to organise such a cooperative approach would be on the basis of all parties concerned recognising the principle of home country control, so that the cooperation could take place between the relevant authorities. The proposal provides a framework for cooperative arrangements between the authorities of Member States and of third countries.

An important player in this respect is the newly created US PCAOB (Public Company Accounting Oversight Board). The proposed Directive reflects the results of several months of intense and fruitful discussions with the PCAOB. It facilitates cooperation between competent authorities within the EU and with the authorities of third countries, based on a cooperative model and work sharing. In order for cooperation of this sort to take place, the third country oversight system has to be considered equivalent to the EU model. This allows a maximum of reliance on the home country authorities and as well as reinforcing safeguards against malpractice would avoid audit firms facing unnecessary and duplicative administrative requirements, for example onerous registration processes, in several different countries.

The direct transfer of information by EU statutory auditors and audit firms to third countries is a sensitive matter. Within the cooperative model, it may be possible in exceptional circumstances to grant direct access to such documents, on the condition that a number of important safeguards are fulfilled. These include reciprocal rights for Member States' competent authorities in the third country. However, transfer of information via the home competent authority must remain the preferred route.

Will this resolve recent issues with the US, particularly on conflicts of law?

Discussions with the PCAOB have shown that there is a great deal of agreement between the EU and the US on the contents of the regulation of the audit profession. Europe and the US have different financial, legal, historical and cultural traditions. They are not identical and their regulatory action may have spill over effects in the other's jurisdiction. However, serious efforts have been undertaken to have parallel moves on both sides so as to avoid regulatory difficulties in so far as is possible. Through intelligent work sharing, the Commission has been cooperating with the PCAOB to produce compatible regulation.

Is there a requirement for third country auditors to be registered in the EU?

In principle, third country auditors need not be registered in the EU. Registration is only required where the third country auditor provides audits for a foreign company whose securities are traded on a regulated market in the EU. Registration is also necessary if the third country auditor audits the consolidated accounts of a foreign group which has a subgroup within the EU that is itself exempted from consolidation on the basis of the Seventh Council Directive 83/349/EEC on consolidated accounts. But under the proposal, such registration would no longer be necessary when the oversight system that exists in the third country is considered equivalent to the EU model.

How would detailed measures implementing the Directive be drawn up?

Implementing measures would be decided upon by the Commission in co-operation with Member States in the audit regulatory committee, in accordance with the procedures agreed with Council and Parliament concerning the implementation of financial services legislation.

What other initiatives will the Commission take following Parmalat?

The Commission intends to accelerate some of the proposals which it has announced in its May 2003 Action Plan on modernising company law and enhancing corporate governance in the EU (see IP/03/716 and MEMO/03/112). These proposals relate to:

the definition of the role of non-executive directors

the clarification of the responsibility of board members for financial and key non-financial information

the improved disclosure of intra-group transactions and transactions with related parties

the full disclosure in the financial statements of offshore special purpose vehicles, including why the company uses these offshore structures and a much stricter verification by the group auditor of their content.